Release of nginx 1.29.8 and the fork FreeNginx 1.29.7

The nginx 1.29.8 mainline release has been published; development of new features continues in this branch. The stable 1.28.x branch, maintained in parallel, receives only changes that fix serious bugs and vulnerabilities. In the future, the stable 1.29 branch will be formed on the basis of the mainline 1.30.x branch. The project's code is written in C and distributed under the BSD license.

In the new release:

  • The max_headers directive has been added; it limits the maximum number of HTTP headers in a request. If the limit is exceeded, a 400 (Bad Request) error is returned. The feature was ported from FreeNginx.
  • Compatibility with the OpenSSL 4.0 library, which is in alpha testing, has been ensured.
  • Masks can now be used in the "include" directive specified inside a "geo" block.
  • Fixed a bug in the handling of HTTP responses with code 103 (Early Hints) returned by a proxied backend.
  • Fixed the $request_port and $is_request_port variables being unavailable in subrequests.

Additionally, note the release of FreeNginx 1.29.8, a fork of Nginx. Development of the fork is led by Maxim Dunin, one of the key Nginx developers. FreeNginx positions itself as a non-commercial project that ensures development of the Nginx codebase without corporate interference. The FreeNginx code continues to be distributed under the BSD license. The new version ensures compatibility with OpenSSL 4.0. A buffer overflow (CVE-2026-27654) in the ngx_http_dav_module module has been fixed; it occurs when processing WebDAV COPY and MOVE requests when the "alias" directive is used in "location" blocks. The ability to manipulate DNS PTR records to inject attacker-supplied data (CVE-2026-28753) into auth_http requests and into the XCLIENT command of the SMTP connection to the backend has been eliminated.
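To triage which configurations match the conditions described for CVE-2026-27654, the sketch below (an added example, not code from nginx, FreeNginx or the original article) lists "location" blocks that set "alias" while COPY or MOVE is enabled through dav_methods, including values inherited from an enclosing level. The function names, the simplified config grammar and the sample configuration are assumptions made for illustration; a match only identifies where to prioritise the upgrade and says nothing about whether the running binary is already fixed.

```python
import re

RISKY = {"COPY", "MOVE"}  # the WebDAV methods named in the advisory text
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(text):
    """Parse nginx config text into a tree of blocks (simplified grammar)."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments; '#' inside quotes is not handled
    root = {"name": "main", "args": [], "directives": {}, "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(text):
        if tok not in ("{", "}", ";"):
            words.append(tok.strip("\"'"))
            continue
        if tok == ";" and words:
            stack[-1]["directives"][words[0]] = words[1:]
        elif tok == "{":
            block = {"name": words[0] if words else "", "args": words[1:], "directives": {}, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}" and len(stack) > 1:
            stack.pop()
        words = []
    return root

def audit(block, inherited=()):
    """Return (location, methods) pairs; dav_methods is inherited unless redefined."""
    methods = block["directives"].get("dav_methods", inherited)
    findings = []
    if block["name"] == "location" and "alias" in block["directives"]:
        enabled = RISKY & {m.upper() for m in methods}
        if enabled:
            findings.append((" ".join(block["args"]), sorted(enabled)))
    for child in block["children"]:
        findings += audit(child, methods)
    return findings

# Constructed sample configuration (not taken from any real deployment)
SAMPLE = """
http {
  dav_methods PUT DELETE;
  server {
    location /upload/ { root /srv/data; dav_methods PUT COPY MOVE; }
    location /share/ { alias /srv/share/; dav_methods PUT COPY MOVE; }
    location /static/ { alias /srv/static/; }
    location /dav/ { dav_methods COPY; location /dav/media/ { alias /srv/media/; } }
  }
}
"""
FINDINGS = audit(parse(SAMPLE))  # [('/share/', ['COPY', 'MOVE']), ('/dav/media/', ['COPY'])]
```

Files pulled in through "include" are not followed, so run the check over the fully expanded configuration (for example the output of `nginx -T`).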

Source: opennet.ru
